CVE-2023-5378 in MegaBIPinfo

Summary

by MITRE • 01/29/2024

Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 04/20/2025

The vulnerability identified as CVE-2023-5378 represents a critical security flaw in legacy web applications that has persisted due to the continued use of unsupported software versions. This issue manifests as an improper input validation weakness that enables attackers to inject malicious scripts into web applications, specifically affecting MegaBIP and SmodBIP platforms. The vulnerability stems from insufficient sanitization of user-supplied data before it is stored and subsequently rendered in web pages, creating an environment where malicious payloads can be executed in the context of other users' browsers. The affected systems include all versions of SmodBIP and MegaBIP versions up to 4.36.2, with no confirmation provided by vendors regarding remediation efforts in newer releases.

The technical nature of this vulnerability places it squarely within the scope of CWE-20, which describes improper input validation as a fundamental weakness in software design. This flaw allows for stored cross-site scripting attacks where malicious scripts are permanently stored on the server and executed whenever legitimate users access the affected application. The attack vector typically involves an attacker submitting malicious content through forms, comments, or other user input mechanisms within the application, which are then stored in the database without proper sanitization. When other users browse to pages containing this stored content, their browsers execute the malicious scripts, potentially leading to session hijacking, credential theft, or data exfiltration.

The operational impact of this vulnerability extends beyond simple script execution, as it represents a significant threat to user privacy and application integrity. Attackers can leverage this weakness to impersonate legitimate users, access sensitive data, modify application behavior, or redirect users to malicious websites. The persistence of stored XSS makes this vulnerability particularly dangerous as it can affect multiple users over extended periods without requiring repeated exploitation attempts. Organizations relying on these legacy platforms face substantial risk of data breaches, regulatory violations, and reputational damage, especially considering the long-term exposure period that allows for continuous exploitation of the vulnerability.

Organizations should implement immediate mitigations including input sanitization measures, output encoding, and comprehensive security testing of all user-supplied content. The remediation strategy should prioritize upgrading to supported versions of the affected software where possible, though this may not be feasible given the end-of-life status of these platforms. Additional protective measures include implementing content security policies, regular security scanning, and user education to recognize potential phishing attempts that may exploit this vulnerability. The ATT&CK framework categorizes this issue under T1531, which covers "Modify Application Configuration", as attackers can manipulate application behavior through stored script injection. Security teams must also consider the broader implications of supporting legacy software, as these platforms often lack modern security features and regular updates that would prevent such vulnerabilities from persisting in supported environments.

Responsible

CERT.PL

Reservation

10/04/2023

Disclosure

01/29/2024

Moderation

accepted

CPE

ready

EPSS

0.00527

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!